Hell is not frozen yet! (Diablo 3)

[Crni Vuk]

Shit that sucks. I loved my monk so far, and generally have more fun with melee classes than with ranged since I don't like kiting mobs around. Blizzard will no doubt patch and fine-tune like in D2... .

I am not so sure. It is still even true for Diablo 2. You have some characters which can do almost everything alone while others will always struggle. You want to play Diablo 2 now? 90% of the characters running around are paladins with enigma. You hardly see any other characters.

Thats sad. But Diablo. At least here Diablo 3 seems not to be different.

I would not be surprised if the same will happen here in the future where a certain build will be present 90% of the time.

 

[Phil the Nuka-Cola Dude]

Shit that sucks. I loved my monk so far, and generally have more fun with melee classes than with ranged since I don't like kiting mobs around. Blizzard will no doubt patch and fine-tune like in D2...

I'm sure they'll nerf the fuck out of Inferno soon enough, making it farmable by every class as advertised; so I wouldn't give up on your monk. It really does make one wonder how exactly they internally playtested Inferno, though. If it was anything other than artificially generating the best gear in the game, slapping it on and running around for a few minutes, I'd be shocked.

So is there anyone who still believes that always-online DRM will protect you against hacking?
http://www.rockpapershotgun.com/201...devil-blizzard-acknowledges-diablo-iii-hacks/

The "hacking" is just players getting keylogged and having their accounts hijacked. There's a whole mess of keyloggers labeled as maphacks floating around, and people are stupid. Do the math.

We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

 

[fedaykin]

The "hacking" is just players getting keylogged and having their accounts hijacked. There's a whole mess of keyloggers labeled as maphacks floating around, and people are stupid. Do the math.

Riiiight . It couldn't possibly have anything to do with SQL injection attacks and session ID hijacking. It can never be a flaw in Blizzard's system. Blizzard is infallible.

 

[Phil the Nuka-Cola Dude]

Maybe. Maybe not. Searching "SQL injection" turned up a paltry 23 posts on the D3 forums, and I've heard absolutely nothing about that from any official source or articles on the issue out there. If we're going to wildly speculate, I'll still stick with my theory that players were keylogged, and the hackers just sat back and waited until they had a big enough list of accounts (while allowing players to accumulate wealth); and then just hit them all at once.

Take a look at this thread, and the massive shitstorm that ensued.

And then read the blue post at the end.



Anyway, we'll know soon enough what really happened.

 

[Buxbaum666]

I also tinkered with the Mass Confusion spell, but it requires giving up Banish

No it doesn't. If you turn on elective mode, that is. This way you can use any combination of skills you want.
I figured that out after I beat normal. Now my demon hunter has Elemental Arrow w/ Ball Lightning rune on left and Chakram w/ Serpentine rune on right click, a pretty kick-ass combination. Hungering arrow as backup if I run out of hatred but the Vengeance skill takes care of that most of the time. (+25 max hatred plus health globes additionally give 20 hatred and 2 discipline)

 

[clercqer]

Holy shit batman. I didn't know that was possible! Should have been more clear that this option exists.

 

[fedaykin]

People are even reporting that they were hacked despite using this authenticator. Not only is this DRM useless against hackers, but also against cheaters and exploiters. There are already whole communities devoted to sharing D3 hacks and exploits (won't post links, but they're easy to google).

So where does D3's DRM stand?

Protects against hacking [ ]
Protects against cheating [ ]
Protects against piracy [x] (for now)
Locks players out of the game [x]

 

[Tagaziel]

People are even reporting that they were hacked despite using this authenticator. Not only is this DRM useless against hackers, but also against cheaters and exploiters. There are already whole communities devoted to sharing D3 hacks and exploits (won't post links, but they're easy to google).

And what proof do you have that they actually *did* use the authenticator? As Phil pointed out, the OP of the linked thread only started using the authenticator after his account was compromised, yet deliberately lied.

 

[Korin]

So Diablo III came out and now that's my second job.

Also, DRM stands for digital rights management. Not Magical Security Never Get Hacked Again Security Management. Which would actually be MSNGHASM. But that does sound awesome.

 

[Crni Vuk]

People are even reporting that they were hacked despite using this authenticator. Not only is this DRM useless against hackers, but also against cheaters and exploiters. There are already whole communities devoted to sharing D3 hacks and exploits (won't post links, but they're easy to google).

And what proof do you have that they actually *did* use the authenticator? As Phil pointed out, the OP of the linked thread only started using the authenticator after his account was compromised, yet deliberately lied.

The proof is popularity.

I am not saying that is what happened. But I would not be surprised. Consider how long it took for people to hack either the service of Ubisoft, EA or Steam. Also World of Warcraft.

Either Blizzard has invented some kind of secret alien technology which makes it impossible for a human to get in. Or they will face the same issues like all the other big companies. No system is foolproof. Thats a fact. I know its a very huge generalization. But still. This "always online DRM" is at the moment nothing more then a huge annoyance. And over time it will get hacked one way or another. Just wait until Blizzard opens their action house for money and you will see here a huge interest by people to cheat/farm in illegal ways for loot. Its just way to tempting. And one way or another someone will have success. Whats left is that people have to deal with server down times and I dont know what kind of other shit.

So Diablo III came out and now that's my second job.

Also, DRM stands for digital rights management. Not Magical Security Never Get Hacked Again Security Management. Which would actually be MSNGHASM. But that does sound awesome.

Are you joking? It sounds almost like "orgasm". Of course that would be some awesome name

 

[Ilosar]

No it doesn't. If you turn on elective mode, that is. This way you can use any combination of skills you want.

Conclusion: You speak the truth! Why the hell didn't they make this crystal clear in game? I had Elective Mode enabled, but I didn't know it allowed this.

But now I'm torn. I keep Firebombs, Firebats, Zombie Dogs, and Banish. The two remaining skills are Gargantuan and Wall of Zombies. Which one do I ditch? I would like Mass Confusion, but it means that I have two skills (it and Zombie Dogs) on a fairly long cooldown, and D3 is fast-paced indeed.

Also, Azmodan down, and boy was he easier than Belial. Probably because you have a lot more breathing room to avoid his attacks. I was overal dissapointed with him; Tyrael described him as a strategic genius, but his plan basically involved a massive demonic zerg rush (why not just bypass the keep altogether?) all the while spouting generic evil trash talk of doominess at the hero.

Anyhow, Act 4 will be begun later today probably. Situation looks pretty grim already. I must admit, I kinda saw the plot twist coming, but I'm still a bit sad for poor Leah.

Oh, and have I mentionned Blizzard's cinematics are awesome? Because Blizzard's cinematics are awesome.

 

[Korin]

No it doesn't. If you turn on elective mode, that is. This way you can use any combination of skills you want.

Conclusion: You speak the truth! Why the hell didn't they make this crystal clear in game?

True story. They added non-elective mode at some point in beta and it was a while before I found out you could choose whatever you wanted. People continue to not to know this because it isn't ever made clear.

I might be in the manual, but really... who reads the manual?

 

[Makagulfazel]

lol @ using some peoples' ignorance and misfortune as proof that Blizzard's servers were hacked. Is it possible? Sure. But there are bound to be a handful of keylogged computers among the millions of Diablo 3 players.
Still having tons of fun, without any service interruptions the past few days. Sorry doods.

 

[Crni Vuk]

you say it by your self here "millions" of users. Thats a huge potential. Sooner or later Blizzard will be hacked here. Just like any other company out there. There are just to many people with some crazy talent out there which will do it either to gain fame or simply for the money.

 

[Buxbaum666]

No it doesn't. If you turn on elective mode, that is. This way you can use any combination of skills you want.

Conclusion: You speak the truth! Why the hell didn't they make this crystal clear in game? I had Elective Mode enabled, but I didn't know it allowed this.

Same here. The consensus seems to be: the default mode is there to not confuse the dumb masses who would pick shit-ass skill combinations and then blame their not having any fun on Blizzard. I also activated elective mode right in the beginning but then forgot all about it. It really is the one menu entry that doesn't have a clear statement in the tooltip about what it does.

 

[OakTable]

People are even reporting that they were hacked despite using this authenticator. Not only is this DRM useless against hackers, but also against cheaters and exploiters. There are already whole communities devoted to sharing D3 hacks and exploits (won't post links, but they're easy to google).

So where does D3's DRM stand?

Protects against hacking [ ]
Protects against cheating [ ]
Protects against piracy [x] (for now)
Locks players out of the game [x]

From what I understand, apparently it's a consequence of having everything handled server side. When you get something like a new item, an achievement, a friend request, or whatever, the server confirms it and attaches it to your account. Sadly, this leaves an opening for hackers because this stuff doesn't go through authentication and contains your info. The common tactic for the hackers is sending someone a friend request and then tapping that info, getting the password, stealing the items and gold, and then selling it on the RMAH. So if you get a friend request from a random person you don't know, change your password immediately. It's also advisable to turn public multiplayer off. So in conclusion, the very tactics used to protect the RMAH from Chinese, Russian, and Indian hackers allows said hackers to do their thing and steal virtual stuff to sell it for real life money. Irony is a bitch, huh?

 

[Makagulfazel]

Just because I love playing devil's advocate(and other then server connectivity issues my dozen or so friends have had smooth sailing), can anyone cite any sources here? I'm not asking for some article but any snippets from hacker/phisher posts or websites. I am fine with being proven wrong, but everything I've seen thus far is simply speculation or hearsay.
I don't think anything is going to be 100% effective, but so far it just seems like the fault is being directed to Blizzard without any proof. If it's a client side problem, it's like blaming the fire department for not foreseeing faulty wiring in your house. Sorry you had to pay the tax dollars, but shit happens sometimes. It shouldn't be their responsibility to replace your belongings if you didn't take preventative measures.

I'm sticking to the keylogger theory until one of you guys post something other than speculation. Then I'll join the angry mob.

 

[Crni Vuk]

People are even reporting that they were hacked despite using this authenticator. Not only is this DRM useless against hackers, but also against cheaters and exploiters. There are already whole communities devoted to sharing D3 hacks and exploits (won't post links, but they're easy to google).

So where does D3's DRM stand?

Protects against hacking [ ]
Protects against cheating [ ]
Protects against piracy [x] (for now)
Locks players out of the game [x]

From what I understand, apparently it's a consequence of having everything handled server side. When you get something like a new item, an achievement, a friend request, or whatever, the server confirms it and attaches it to your account. Sadly, this leaves an opening for hackers because this stuff doesn't go through authentication and contains your info. The common tactic for the hackers is sending someone a friend request and then tapping that info, getting the password, stealing the items and gold, and then selling it on the RMAH. So if you get a friend request from a random person you don't know, change your password immediately. It's also advisable to turn public multiplayer off. So in conclusion, the very tactics used to protect the RMAH from Chinese, Russian, and Indian hackers allows said hackers to do their thing and steal virtual stuff to sell it for real life money. Irony is a bitch, huh?

well to be fair many of the things you had in Diablo 2 wasn't really hacking either. It was using holes in the Serversystem (kinda ... well from what I understand) where they would force a "lag" on the server to duplicate items. Something Blizzard never managed to fix really.

I would not be surprised if people find holes at some in the Serversystem they have now.

Anyone with more knowledge feel free to correct me here.

 

[Makagulfazel]

One more snippet:
Obviously, ~12 people is a very small sample size. Also, I don't think any of us ever join public games, which may open a security flaw for the people obtaining accounts.
If their intent was to make money on the RMAH, they jumped the gun a bit. Maybe they wanted to gain access to other peoples' accounts before other hackers/phishers could? We'll get more info as time passes.

 

[OakTable]

Just because I love playing devil's advocate(and other then server connectivity issues my dozen or so friends have had smooth sailing), can anyone cite any sources here? I'm not asking for some article but any snippets from hacker/phisher posts or websites. I am fine with being proven wrong, but everything I've seen thus far is simply speculation or hearsay.
I don't think anything is going to be 100% effective, but so far it just seems like the fault is being directed to Blizzard without any proof. If it's a client side problem, it's like blaming the fire department for not foreseeing faulty wiring in your house. Sorry you had to pay the tax dollars, but shit happens sometimes. It shouldn't be their responsibility to replace your belongings if you didn't take preventative measures.

I'm sticking to the keylogger theory until one of you guys post something other than speculation. Then I'll join the angry mob.

Well guess it is just speculation, my bad, according to the venerable Erik Kain.

http://www.forbes.com/sites/erikkai...player-accounts-hacked-items-and-gold-stolen/

Other theories are SQL injections and keylogging malware hosted on Diablo fansites. So I guess you should also scan your PC with a anti-malware program too just to be safe.